The Makefile targets are:
policy - compile the policy configuration.
install - compile and install the policy configuration.
load    - compile, install, and load the policy configuration.
relabel - relabel the file system based on file_contexts.

If you have configured MLS into your kernel, then
set CONFIG_FLASK_MLS=y in the Makefile.

Three of the configuration files are independent of the particular
security policy, and are identical to corresponding files in
kernel/flask.  These files are:
1) security_classes -
   This file has a simple declaration for each security class.
   The corresponding symbol definitions are in the automatically
   generated header file include/linux/flask/flask.h. 

2) initial_sids - 
   This file has a simple declaration for each initial SID.
   The corresponding symbol definitions are in the automatically
   generated header file include/linux/flask/flask.h. 

3) access_vectors - 
   This file defines the access vectors.  Common prefixes for
   access vectors may be defined at the beginning of the file.
   After the common prefixes are defined, an access vector
   may be defined for each security class.
   The corresponding symbol definitions are in the automatically
   generated header file include/linux/flask/av_permissions.h.

In addition to being read by the security server, these configuration
files are used during the kernel build to automatically generate
symbol definitions used by the kernel for security classes, initial
SIDs and permissions.  Since the symbol definitions generated from
these files are used during the kernel build, the values of existing
security classes and permissions may not be modified by load_policy.
However, new classes may be appended to the list of classes and new
permissions may be appended to the list of permissions associated with
each access vector definition.

The policy-dependent configuration files are:
1) all.te -  
   This file defines the Type Enforcement (TE) configuration.
   This file is automatically generated from a collection of files.

   The macros.te file contains global macros used throughout the
   configuration for common groupings of classes and permissions
   and for common sets of rules.  The assert.te file contains assertions
   that are checked after evaluating the entire TE configuration.

   The types subdirectory contains several files with declarations for
   general types (types not associated with a particular domain) and 
   some rules defining relationships among those types.  Related types 
   are grouped together into each file in this directory, e.g. all
   device type declarations are in the device.te file.

   The domains subdirectory contains several subdirectories with
   a separate file containing the declarations and rules for each 
   domain.  Related domains are grouped together into each subdirectory,
   e.g. all domain definitions for system processes are in the 
   domains/system subdirectory.  The domains/every.te file contains rules 
   that apply to every domain.

2) rbac - 
   This file defines the Role-Based Access Control (RBAC) configuration.

3) mls - 
   This file defines the Multi-Level Security (MLS) configuration.

4) users and users.mls -
   This file defines the users recognized by the security policy.

5) constraints - 
   This file defines additional constraints on permissions
   in the form of boolean expressions that must be satisfied in order
   for specified permissions to be granted.  These constraints
   are used to further refine the type enforcement tables and
   the role allow rules.

6) initial_sid_contexts and initial_sid_contexts.mls -
   This file defines the security context for each initial SID.
   A security context consists of a user identity, a role, a type and
   a MLS range.  If left unspecified, the high MLS level defaults to the
   low MLS level.  The syntax of a valid security context is:

     user:role:type:sensitivity[:category,...][-sensitivity[:category,...]]

7) fs_contexts and fs_contexts.mls -
   This file defines the security contexts to use when an unlabeled
   file system is mounted.

8) net_contexts and net_contexts.mls -
   This file defines the security contexts of network objects
   such as ports, interfaces, and nodes.

9) file_contexts and file_contexts.mls -
   This file defines the labels to be assigned to files.

It is possible to test the security server functions on a given policy
configuration by running the checkpolicy program with the -d option.
This program is built from the same sources as the security server
component of the kernel, so it may be used both to verify that a
policy configuration will load successfully and to determine how the
security server would respond if it were using that policy
configuration.  A menu-based interface is provided for calling any of
the security server functions after the policy is loaded. 
